Analysis & Opinions - Lawfare
The Real Lesson from the WannaCry Ransomware
Preview
"Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
Our bottom line up front is that, VEP or no VEP, today’s ransomware attack highlights the risks of relying on software that is no longer supported by its developer (like Windows XP) and of not applying patches that the developer makes available (like MS17-010). Even a perfectly functioning VEP would not make much difference unless the developer addressed the vulnerability, and businesses and institutions applied the relevant patch. These are the two issues—more than a government process that feeds them—that make or break organizations in the wake of today’s attack..."
Want to Read More?
The full text of this publication is available via the original publication source.
For more information on this publication:
Please contact
Cyber Project
For Academic Citation:
Buchanan, Ben and Michael Sulmeyer.“The Real Lesson from the WannaCry Ransomware.” Lawfare, May 12, 2017.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
News
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Setting a Course for Arctic Research: Arctic Initiative at Arctic Science Summit Week 2024
Analysis & Opinions
- Lawfare
Backdoor in XZ Utils That Almost Happened
Analysis & Opinions
- MIT Technology Review
Let’s Not Make the Same Mistakes with AI That We Made with Social Media
In the Spotlight
Most Viewed
Analysis & Opinions
- New Straits Times
Gorbachev and the End of the Cold War
Report
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Freedom of Navigation in the South China Sea: A Practical Guide
Policy Brief
- Quarterly Journal: International Security
Oil, Conflict, and U.S. National Interests
Preview
"Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
Our bottom line up front is that, VEP or no VEP, today’s ransomware attack highlights the risks of relying on software that is no longer supported by its developer (like Windows XP) and of not applying patches that the developer makes available (like MS17-010). Even a perfectly functioning VEP would not make much difference unless the developer addressed the vulnerability, and businesses and institutions applied the relevant patch. These are the two issues—more than a government process that feeds them—that make or break organizations in the wake of today’s attack..."
Want to Read More?
The full text of this publication is available via the original publication source.- Recommended
- In the Spotlight
- Most Viewed
Recommended
News - Belfer Center for Science and International Affairs, Harvard Kennedy School
Setting a Course for Arctic Research: Arctic Initiative at Arctic Science Summit Week 2024
Analysis & Opinions - Lawfare
Backdoor in XZ Utils That Almost Happened
Analysis & Opinions - MIT Technology Review
Let’s Not Make the Same Mistakes with AI That We Made with Social Media
In the Spotlight
Most Viewed
Analysis & Opinions - New Straits Times
Gorbachev and the End of the Cold War
Report - Belfer Center for Science and International Affairs, Harvard Kennedy School
Freedom of Navigation in the South China Sea: A Practical Guide
Policy Brief - Quarterly Journal: International Security
Oil, Conflict, and U.S. National Interests